...
| | LDAP | SAML | Azure |
|---|---|---|---|
| Cloud or on-premise | Both - Some organizations do not want to expose LDAP to the internet so they choose on-premise. Read how LDAPs in the cloud is secure. | Both - Primarily used for cloud tenants who do not want to expose their LDAP directly to the internet | Both - provides a simple and secure way to access identity management (Azure AD) in the cloud |
| Are Users/Roles automatically synchronized with your Live Forms tenant(s)? | Yes - Manual user/role sync (via frevvo csv upload for example) is not required. The frevvo server automatically gets users & roles from LDAP. | No - if "auth only" mode selected - Users/Roles must be created in your tenant manually. The CSV upload is a good way to do this. | Yes - Manual user/role sync (via frevvo csv upload for example) is not required. The frevvo server automatically gets users & roles from Azure AD. |
| Single Sign On | Cloud - not available<br>In-house - Must configure IIS using the IIS to Tomcat Connector | Yes | Yes |
| Authentication Only Mode Choice | No - You must change your IDP (LDAP in this case) to have roles you need in your frevvo workflow if they do not already exist. All user information is maintained in LDAP | Yes | Yes |
| Authentication Only = Yes | Not Supported | SAML handles authentication only - roles/users managed & maintained via the tenant Users/Roles UI. Changes made via the tenant Users/Roles UI do not get overridden when user logs in/out. You may choose this mode if:<br>Con - (1) All user information (email address) must be managed by the frevvo tenant admin. This can get out of sync with your IDP.<br>Pro - You can add roles for frevvo workflow without having to edit your IDP | Users and roles are defined in Azure AD. |
| Authentication Only = No | This is the only mode allowed in this SM and this property does not even exist to change it. Groups needed for these user types in your IDP:<br>Users are discovered immediately the first time the tenant connects to the IDP and are automatically and always kept in sync without any manual intervention. | Groups needed for these user types in your IDP:<br>Users discovered when they log in. Changes made via the tenant Users/Roles UI are overwritten if user logs out then in again. | Users and roles are defined in Azure AD. |
| If your company uses LDAP as your IDP, do you need to install additional software to use this frevvo Security Manager? | No | Yes - (Either install one of the SAML 2.0 Implementations such as ADFS or use a cloud provider such as Okta, and configure it to talk to your LDAP server) | Yes (You must purchase Azure AD in the cloud) |
| Can I embed frevvo forms/workflows into my website with this Security Manager? | Yes | Yes - if the visibility of the form is set to Public.<br>Yes - if the visibility of the form is set to Public in Tenant and the user is already authenticated to SAML.<br>No - if the visibility of the form is set to Public in Tenant and the user is NOT already authenticated to SAML. This is because frevvo must direct the user to the IDP login screen and the browser will not allow loading the IDP login page in frevvo's form iframe. | Yes - if the visibility of the form is set to Public.<br>Yes - if the visibility of the form is set to Public in Tenant and the user is already authenticated to Azure SAML.<br>No - if the visibility of the form is set to Public in Tenant and the user is NOT already authenticated to Azure SAML. This is because frevvo must direct the user to the IDP login screen and the browser will not allow loading the IDP login page in frevvo's form iframe. |
| What does frevvo support? | Microsoft AD, Open LDAP | Shibboleth, ADFS, Okta, Centrify, Google and any other software that implements the SAML 2.0 protocol | There is no other implementation of Azure AD than Azure AD |
| What does frevvo certify? | Microsoft AD | none | Azure AD |
| Do you need your own Configuration Specialist for your IDP? | Yes | Yes | Yes |
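
The embedding row above says the browser will not load the IDP login page inside the form's iframe. The added example below (not frevvo's code) models that browser decision, assuming the IDP login page sends the standard anti-framing response headers `X-Frame-Options` or CSP `frame-ancestors`; the function names, origins and header values are constructed for illustration.

```javascript
// Added example: would a browser render `pageUrl` inside an iframe hosted on
// `embedderUrl`, given the page's response headers? Models one direct embedder;
// ports, paths and bare-scheme sources in frame-ancestors are not handled.
function hostMatches(pattern, host) {
  // "*.portal.example" matches subdomains only, never the bare domain.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function sourceMatches(source, embedder, page) {
  if (source === "'self'") return embedder.origin === page.origin;
  if (source === '*') return true;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)$/i.exec(source);
  if (!m) return false; // unsupported source forms fail closed
  const [, scheme, host] = m;
  // Simplification: a scheme-less host source is accepted for any scheme.
  if (scheme && scheme.toLowerCase() + ':' !== embedder.protocol) return false;
  return hostMatches(host.toLowerCase(), embedder.hostname);
}

function framingAllowed(headers, embedderUrl, pageUrl) {
  const embedder = new URL(embedderUrl);
  const page = new URL(pageUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const directive = (h['content-security-policy'] || '')
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    return directive.slice(1).some((s) => sourceMatches(s, embedder, page));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedder.origin === page.origin;
  return true; // no anti-framing header: the frame renders
}

// Constructed sample: a login page that forbids all framing.
const sampleLoginHeaders = { 'X-Frame-Options': 'DENY' };
console.log(framingAllowed(sampleLoginHeaders,
  'https://forms.portal.example/embed', 'https://idp.example/login')); // false
```

Running the same check against the headers your own IDP login page returns shows whether an unauthenticated "Public in Tenant" form can be embedded or must be opened in a top-level window.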
...
If you are planning on changing the Security Manager from the Default Security Manager to LDAP(s), SAML or Azure SAML, and you want to preserve Projects/Forms/Workflows developed in your trial/starter frevvo tenant, here's what we recommend:
- Make sure the users created in the Default Security Manager tenant have the same user names as the users in your Active Directory or IDP.
- Download the Projects/Forms/Workflows that you want to preserve to your desktop as a backup BEFORE changing the Security Manager.
...